18th June, 2018 By Catalin Cimpanu
When it was released back in 2015, one of the main perks of Windows 10 was the improved security features that made it harder for rootkits to get a foothold on Microsoft's new OS.
But three years later, security researchers from Romania-based antivirus vendor Bitdefender say they've discovered a new adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, a rootkit component that's even effective against Windows 10 installations.
In fact, researchers say that 90% of all Zacinlo's recent victims are Windows 10 users, showing that crooks intentionally designed their "product" to work against Microsoft's latest OS.
Full Article.
Here is what Webroot has to say about this Malware!
And VirusTotal: https://www.virustotal.com/#/file/1d4236b3c446c1ab86c577615cc52d4edc99bf5b4077cd93e6cd37b90d6991a0/detection
SmartService Hashes:
SHA256: 1d4236b3c446c1ab86c577615cc52d4edc99bf5b4077cd93e6cd37b90d6991a0
By Staff Writer
Jun 20 2018
8:46AM
Malware takes screenshots of users' desktops, and has been operating silently for six years.
Researchers have uncovered a sophisticated rootkit-based adware, mainly prevalent on Windows 10 devices, that has been operating covertly for six years. Dubbed Zacinlo, this rare strain of malware typically operates by silently rendering webpages in the background in hidden windows to simulate clicks and keyboard interactions, or can replace ads naturally loaded in an open web browser with its own ads to collect revenue.
The malware, subject to an extensive investigation by security company Bitdefender, is armed with a sophisticated array of features to ensure it remains undetected, and even quashes any 'competition', featuring an adware cleanup routine to remove any potential rivals in the adware space.
It can also uninstall or delete services based on instructions it receives from the command and control infrastructure, to which it routinely sends information about its environment, including what form of anti-malware services may be installed, and which applications are running on startup.
One of its most concerning features involves a significant invasion of privacy, with Zacinlo able to take screen captures of a user's desktop and send them to its command and control centre for analysis.
https://www.pcauthority.com.au/news/zacinlo-malware-threatens-windows-10-pcs-security-494826
Does Webroot have any protection/clean up for this rootkit?
Hi, @ wrote:
Does Webroot have any protection/clean up for this rootkit?
I have merged this topic with a slightly earlier one and Daniel has posted a comment which may interest you on that subject, just scroll up a little bit.
Thanks @ for merging I guess I didn't go back far enough to see this thread.
Cheers,
Thanks for the info! So does that mean Webroot would pick it up with a full scan or do I have to do something special to detect it?
Thanks,
Beckey.
You don't need to do anything as WSA's Realtime Shield would detect it if you have it on your system, so you're protected! ;)
@ wrote:
Thanks for the info! So does that mean Webroot would pick it up with a full scan or do I have to do something special to detect it?
Thanks,
Beckey.
HTH,